//===----------------------------------------------------------------------===//
//
// This source file is part of the Soto for AWS open source project
//
// Copyright (c) 2017-2024 the Soto project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of Soto project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//

// THIS FILE IS AUTOMATICALLY GENERATED by https://github.com/soto-project/soto-codegenerator.
// DO NOT EDIT.

#if canImport(FoundationEssentials)
import FoundationEssentials
#else
import Foundation
#endif
@_spi(SotoInternal) import SotoCore

extension SecurityLake {
    // MARK: Enums

    public enum AccessType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case lakeformation = "LAKEFORMATION"
        case s3 = "S3"
        public var description: String { return self.rawValue }
    }

    public enum AwsLogSourceName: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case cloudTrailMgmt = "CLOUD_TRAIL_MGMT"
        case eksAudit = "EKS_AUDIT"
        case lambdaExecution = "LAMBDA_EXECUTION"
        case route53 = "ROUTE53"
        case s3Data = "S3_DATA"
        case shFindings = "SH_FINDINGS"
        case vpcFlow = "VPC_FLOW"
        case waf = "WAF"
        public var description: String { return self.rawValue }
    }

    public enum DataLakeStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case completed = "COMPLETED"
        case failed = "FAILED"
        case initialized = "INITIALIZED"
        case pending = "PENDING"
        public var description: String { return self.rawValue }
    }

    public enum HttpMethod: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case post = "POST"
        case put = "PUT"
        public var description: String { return self.rawValue }
    }

    public enum SourceCollectionStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case collecting = "COLLECTING"
        case misconfigured = "MISCONFIGURED"
        case notCollecting = "NOT_COLLECTING"
        public var description: String { return self.rawValue }
    }

    public enum SubscriberStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case active = "ACTIVE"
        case deactivated = "DEACTIVATED"
        case pending = "PENDING"
        case ready = "READY"
        public var description: String { return self.rawValue }
    }

    public enum LogSourceResource: AWSEncodableShape & AWSDecodableShape, Sendable {
        /// Amazon Security Lake supports log and event collection for natively supported Amazon Web Services services. For more information, see the Amazon Security Lake User Guide.
        case awsLogSource(AwsLogSourceResource)
        /// Amazon Security Lake supports custom source types. For more information, see the Amazon Security Lake User Guide.
        case customLogSource(CustomLogSourceResource)

        public init(from decoder: Decoder) throws {
            let container = try decoder.container(keyedBy: CodingKeys.self)
            guard container.allKeys.count == 1, let key = container.allKeys.first else {
                let context = DecodingError.Context(
                    codingPath: container.codingPath,
                    debugDescription: "Expected exactly one key, but got \(container.allKeys.count)"
                )
                throw DecodingError.dataCorrupted(context)
            }
            switch key {
            case .awsLogSource:
                let value = try container.decode(AwsLogSourceResource.self, forKey: .awsLogSource)
                self = .awsLogSource(value)
            case .customLogSource:
                let value = try container.decode(CustomLogSourceResource.self, forKey: .customLogSource)
                self = .customLogSource(value)
            }
        }

        public func encode(to encoder: Encoder) throws {
            var container = encoder.container(keyedBy: CodingKeys.self)
            switch self {
            case .awsLogSource(let value):
                try container.encode(value, forKey: .awsLogSource)
            case .customLogSource(let value):
                try container.encode(value, forKey: .customLogSource)
            }
        }

        public func validate(name: String) throws {
            switch self {
            case .awsLogSource(let value):
                try value.validate(name: "\(name).awsLogSource")
            case .customLogSource(let value):
                try value.validate(name: "\(name).customLogSource")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case awsLogSource = "awsLogSource"
            case customLogSource = "customLogSource"
        }
    }

    public enum NotificationConfiguration: AWSEncodableShape, Sendable {
        /// The configurations used for HTTPS subscriber notification.
        case httpsNotificationConfiguration(HttpsNotificationConfiguration)
        /// The configurations for SQS subscriber notification.
        case sqsNotificationConfiguration(SqsNotificationConfiguration)

        public func encode(to encoder: Encoder) throws {
            var container = encoder.container(keyedBy: CodingKeys.self)
            switch self {
            case .httpsNotificationConfiguration(let value):
                try container.encode(value, forKey: .httpsNotificationConfiguration)
            case .sqsNotificationConfiguration(let value):
                try container.encode(value, forKey: .sqsNotificationConfiguration)
            }
        }

        public func validate(name: String) throws {
            switch self {
            case .httpsNotificationConfiguration(let value):
                try value.validate(name: "\(name).httpsNotificationConfiguration")
            default:
                break
            }
        }

        private enum CodingKeys: String, CodingKey {
            case httpsNotificationConfiguration = "httpsNotificationConfiguration"
            case sqsNotificationConfiguration = "sqsNotificationConfiguration"
        }
    }

    // MARK: Shapes

    public struct AccessDeniedException: AWSErrorShape {
        /// A coded string to provide more information about the access denied exception. You can use the error code to check the exception type.
        public let errorCode: String?
        public let message: String?

        @inlinable
        public init(errorCode: String? = nil, message: String? = nil) {
            self.errorCode = errorCode
            self.message = message
        }

        private enum CodingKeys: String, CodingKey {
            case errorCode = "errorCode"
            case message = "message"
        }
    }

    public struct AwsIdentity: AWSEncodableShape & AWSDecodableShape {
        /// The external ID used to establish trust relationship with the Amazon Web Services identity.
        public let externalId: String
        /// The Amazon Web Services identity principal.
        public let principal: String

        @inlinable
        public init(externalId: String, principal: String) {
            self.externalId = externalId
            self.principal = principal
        }

        public func validate(name: String) throws {
            try self.validate(self.externalId, name: "externalId", parent: name, max: 1224)
            try self.validate(self.externalId, name: "externalId", parent: name, min: 2)
            try self.validate(self.externalId, name: "externalId", parent: name, pattern: "^[\\w+=,.@:\\/-]*$")
            try self.validate(self.principal, name: "principal", parent: name, pattern: "^([0-9]{12}|[a-z0-9\\.\\-]*\\.(amazonaws|amazon)\\.com)$")
        }

        private enum CodingKeys: String, CodingKey {
            case externalId = "externalId"
            case principal = "principal"
        }
    }

    public struct AwsLogSourceConfiguration: AWSEncodableShape {
        /// Specify the Amazon Web Services account information where you want to enable Security Lake.
        public let accounts: [String]?
        /// Specify the Regions where you want to enable Security Lake.
        public let regions: [String]
        /// The name for a Amazon Web Services source.
        public let sourceName: AwsLogSourceName
        /// The version for a Amazon Web Services source.
        public let sourceVersion: String?

        @inlinable
        public init(accounts: [String]? = nil, regions: [String], sourceName: AwsLogSourceName, sourceVersion: String? = nil) {
            self.accounts = accounts
            self.regions = regions
            self.sourceName = sourceName
            self.sourceVersion = sourceVersion
        }

        public func validate(name: String) throws {
            try self.accounts?.forEach {
                try validate($0, name: "accounts[]", parent: name, max: 12)
                try validate($0, name: "accounts[]", parent: name, min: 12)
                try validate($0, name: "accounts[]", parent: name, pattern: "^[0-9]{12}$")
            }
            try self.regions.forEach {
                try validate($0, name: "regions[]", parent: name, pattern: "^(us(-gov)?|af|ap|ca|eu|me|sa)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-\\d+$")
            }
            try self.validate(self.sourceVersion, name: "sourceVersion", parent: name, pattern: "^(latest|[0-9]\\.[0-9])$")
        }

        private enum CodingKeys: String, CodingKey {
            case accounts = "accounts"
            case regions = "regions"
            case sourceName = "sourceName"
            case sourceVersion = "sourceVersion"
        }
    }

    public struct AwsLogSourceResource: AWSEncodableShape & AWSDecodableShape {
        /// The name for a Amazon Web Services source. This must be a Regionally unique value.
        public let sourceName: AwsLogSourceName?
        /// The version for a Amazon Web Services source. This must be a Regionally unique value.
        public let sourceVersion: String?

        @inlinable
        public init(sourceName: AwsLogSourceName? = nil, sourceVersion: String? = nil) {
            self.sourceName = sourceName
            self.sourceVersion = sourceVersion
        }

        public func validate(name: String) throws {
            try self.validate(self.sourceVersion, name: "sourceVersion", parent: name, pattern: "^(latest|[0-9]\\.[0-9])$")
        }

        private enum CodingKeys: String, CodingKey {
            case sourceName = "sourceName"
            case sourceVersion = "sourceVersion"
        }
    }

    public struct ConflictException: AWSErrorShape {
        public let message: String?
        /// The resource name.
        public let resourceName: String?
        /// The resource type.
        public let resourceType: String?

        @inlinable
        public init(message: String? = nil, resourceName: String? = nil, resourceType: String? = nil) {
            self.message = message
            self.resourceName = resourceName
            self.resourceType = resourceType
        }

        private enum CodingKeys: String, CodingKey {
            case message = "message"
            case resourceName = "resourceName"
            case resourceType = "resourceType"
        }
    }

    public struct CreateAwsLogSourceRequest: AWSEncodableShape {
        /// Specify the natively-supported Amazon Web Services service to add as a source in Security Lake.
        public let sources: [AwsLogSourceConfiguration]

        @inlinable
        public init(sources: [AwsLogSourceConfiguration]) {
            self.sources = sources
        }

        public func validate(name: String) throws {
            try self.sources.forEach {
                try $0.validate(name: "\(name).sources[]")
            }
            try self.validate(self.sources, name: "sources", parent: name, max: 50)
            try self.validate(self.sources, name: "sources", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case sources = "sources"
        }
    }

    public struct CreateAwsLogSourceResponse: AWSDecodableShape {
        /// Lists all accounts in which enabling a natively supported Amazon Web Services service as a Security Lake source failed. The failure occurred as these accounts are not part of an organization.
        public let failed: [String]?

        @inlinable
        public init(failed: [String]? = nil) {
            self.failed = failed
        }

        private enum CodingKeys: String, CodingKey {
            case failed = "failed"
        }
    }

    public struct CreateCustomLogSourceRequest: AWSEncodableShape {
        /// The configuration used for the third-party custom source.
        public let configuration: CustomLogSourceConfiguration
        /// The Open Cybersecurity Schema Framework (OCSF) event classes which describes the type of data that the custom source will send to Security Lake. For the list of supported event classes, see the Amazon Security Lake User Guide.
        public let eventClasses: [String]?
        /// Specify the name for a third-party custom source. This must be a Regionally unique value. The sourceName you enter here, is used in the LogProviderRole name which follows the convention AmazonSecurityLake-Provider-{name of the custom source}-{region}. You must use a CustomLogSource name that is shorter than or equal to 20 characters. This ensures that the LogProviderRole name is below the 64 character limit.
        public let sourceName: String
        /// Specify the source version for the third-party custom source, to limit log collection to a specific version of custom data source.
        public let sourceVersion: String?

        @inlinable
        public init(configuration: CustomLogSourceConfiguration, eventClasses: [String]? = nil, sourceName: String, sourceVersion: String? = nil) {
            self.configuration = configuration
            self.eventClasses = eventClasses
            self.sourceName = sourceName
            self.sourceVersion = sourceVersion
        }

        public func validate(name: String) throws {
            try self.configuration.validate(name: "\(name).configuration")
            try self.eventClasses?.forEach {
                try validate($0, name: "eventClasses[]", parent: name, pattern: "^[A-Z\\_0-9]*$")
            }
            try self.validate(self.sourceName, name: "sourceName", parent: name, max: 64)
            try self.validate(self.sourceName, name: "sourceName", parent: name, min: 1)
            try self.validate(self.sourceName, name: "sourceName", parent: name, pattern: "^[\\w\\-\\_\\:\\.]*$")
            try self.validate(self.sourceVersion, name: "sourceVersion", parent: name, max: 32)
            try self.validate(self.sourceVersion, name: "sourceVersion", parent: name, min: 1)
            try self.validate(self.sourceVersion, name: "sourceVersion", parent: name, pattern: "^[A-Za-z0-9\\-\\.\\_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case configuration = "configuration"
            case eventClasses = "eventClasses"
            case sourceName = "sourceName"
            case sourceVersion = "sourceVersion"
        }
    }

    public struct CreateCustomLogSourceResponse: AWSDecodableShape {
        /// The third-party custom source that was created.
        public let source: CustomLogSourceResource?

        @inlinable
        public init(source: CustomLogSourceResource? = nil) {
            self.source = source
        }

        private enum CodingKeys: String, CodingKey {
            case source = "source"
        }
    }

    public struct CreateDataLakeExceptionSubscriptionRequest: AWSEncodableShape {
        /// The expiration period and time-to-live (TTL). It is the duration of time until which the exception message remains.
        public let exceptionTimeToLive: Int64?
        /// The Amazon Web Services account where you want to receive exception notifications.
        public let notificationEndpoint: String
        /// The subscription protocol to which exception notifications are posted.
        public let subscriptionProtocol: String

        @inlinable
        public init(exceptionTimeToLive: Int64? = nil, notificationEndpoint: String, subscriptionProtocol: String) {
            self.exceptionTimeToLive = exceptionTimeToLive
            self.notificationEndpoint = notificationEndpoint
            self.subscriptionProtocol = subscriptionProtocol
        }

        public func validate(name: String) throws {
            try self.validate(self.notificationEndpoint, name: "notificationEndpoint", parent: name, pattern: "^[\\\\\\w\\-_:/.@=+]*$")
            try self.validate(self.subscriptionProtocol, name: "subscriptionProtocol", parent: name, pattern: "^[a-z\\-]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case exceptionTimeToLive = "exceptionTimeToLive"
            case notificationEndpoint = "notificationEndpoint"
            case subscriptionProtocol = "subscriptionProtocol"
        }
    }

    public struct CreateDataLakeExceptionSubscriptionResponse: AWSDecodableShape {
        public init() {}
    }

    public struct CreateDataLakeOrganizationConfigurationRequest: AWSEncodableShape {
        /// Enable Security Lake with the specified configuration settings, to begin collecting security data for new accounts in your organization.
        public let autoEnableNewAccount: [DataLakeAutoEnableNewAccountConfiguration]?

        @inlinable
        public init(autoEnableNewAccount: [DataLakeAutoEnableNewAccountConfiguration]? = nil) {
            self.autoEnableNewAccount = autoEnableNewAccount
        }

        public func validate(name: String) throws {
            try self.autoEnableNewAccount?.forEach {
                try $0.validate(name: "\(name).autoEnableNewAccount[]")
            }
            try self.validate(self.autoEnableNewAccount, name: "autoEnableNewAccount", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case autoEnableNewAccount = "autoEnableNewAccount"
        }
    }

    public struct CreateDataLakeOrganizationConfigurationResponse: AWSDecodableShape {
        public init() {}
    }

    public struct CreateDataLakeRequest: AWSEncodableShape {
        /// Specify the Region or Regions that will contribute data to the rollup region.
        public let configurations: [DataLakeConfiguration]
        /// The Amazon Resource Name (ARN) used to create and update the Glue table. This table contains partitions generated by the ingestion and normalization of Amazon Web Services log sources and custom sources.
        public let metaStoreManagerRoleArn: String
        /// An array of objects, one for each tag to associate with the data lake configuration. For each tag, you must specify both a tag key and a tag value. A tag  value cannot be null, but it can be an empty string.
        public let tags: [Tag]?

        @inlinable
        public init(configurations: [DataLakeConfiguration], metaStoreManagerRoleArn: String, tags: [Tag]? = nil) {
            self.configurations = configurations
            self.metaStoreManagerRoleArn = metaStoreManagerRoleArn
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.configurations.forEach {
                try $0.validate(name: "\(name).configurations[]")
            }
            try self.validate(self.configurations, name: "configurations", parent: name, min: 1)
            try self.validate(self.metaStoreManagerRoleArn, name: "metaStoreManagerRoleArn", parent: name, pattern: "^arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$")
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case configurations = "configurations"
            case metaStoreManagerRoleArn = "metaStoreManagerRoleArn"
            case tags = "tags"
        }
    }

    public struct CreateDataLakeResponse: AWSDecodableShape {
        /// The created Security Lake configuration object.
        public let dataLakes: [DataLakeResource]?

        @inlinable
        public init(dataLakes: [DataLakeResource]? = nil) {
            self.dataLakes = dataLakes
        }

        private enum CodingKeys: String, CodingKey {
            case dataLakes = "dataLakes"
        }
    }

    public struct CreateSubscriberNotificationRequest: AWSEncodableShape {
        /// Specify the configuration using which you want to create the subscriber notification.
        public let configuration: NotificationConfiguration
        /// The subscriber ID for the notification subscription.
        public let subscriberId: String

        @inlinable
        public init(configuration: NotificationConfiguration, subscriberId: String) {
            self.configuration = configuration
            self.subscriberId = subscriberId
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            var container = encoder.container(keyedBy: CodingKeys.self)
            try container.encode(self.configuration, forKey: .configuration)
            request.encodePath(self.subscriberId, key: "subscriberId")
        }

        public func validate(name: String) throws {
            try self.configuration.validate(name: "\(name).configuration")
            try self.validate(self.subscriberId, name: "subscriberId", parent: name, pattern: "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$")
        }

        private enum CodingKeys: String, CodingKey {
            case configuration = "configuration"
        }
    }

    public struct CreateSubscriberNotificationResponse: AWSDecodableShape {
        /// The subscriber endpoint to which exception messages are posted.
        public let subscriberEndpoint: String?

        @inlinable
        public init(subscriberEndpoint: String? = nil) {
            self.subscriberEndpoint = subscriberEndpoint
        }

        private enum CodingKeys: String, CodingKey {
            case subscriberEndpoint = "subscriberEndpoint"
        }
    }

    public struct CreateSubscriberRequest: AWSEncodableShape {
        /// The Amazon S3 or Lake Formation access type.
        public let accessTypes: [AccessType]?
        /// The supported Amazon Web Services services from which logs and events are collected. Security Lake supports log and event collection for natively supported Amazon Web Services services.
        public let sources: [LogSourceResource]
        /// The description for your subscriber account in Security Lake.
        public let subscriberDescription: String?
        /// The Amazon Web Services identity used to access your data.
        public let subscriberIdentity: AwsIdentity
        /// The name of your Security Lake subscriber account.
        public let subscriberName: String
        /// An array of objects, one for each tag to associate with the subscriber. For each tag, you must specify both a tag key and a tag value. A tag  value cannot be null, but it can be an empty string.
        public let tags: [Tag]?

        @inlinable
        public init(accessTypes: [AccessType]? = nil, sources: [LogSourceResource], subscriberDescription: String? = nil, subscriberIdentity: AwsIdentity, subscriberName: String, tags: [Tag]? = nil) {
            self.accessTypes = accessTypes
            self.sources = sources
            self.subscriberDescription = subscriberDescription
            self.subscriberIdentity = subscriberIdentity
            self.subscriberName = subscriberName
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.sources.forEach {
                try $0.validate(name: "\(name).sources[]")
            }
            try self.validate(self.subscriberDescription, name: "subscriberDescription", parent: name, pattern: "^[\\\\\\w\\s\\-_:/,.@=+]*$")
            try self.subscriberIdentity.validate(name: "\(name).subscriberIdentity")
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case accessTypes = "accessTypes"
            case sources = "sources"
            case subscriberDescription = "subscriberDescription"
            case subscriberIdentity = "subscriberIdentity"
            case subscriberName = "subscriberName"
            case tags = "tags"
        }
    }

    public struct CreateSubscriberResponse: AWSDecodableShape {
        /// Retrieve information about the subscriber created using the CreateSubscriber API.
        public let subscriber: SubscriberResource?

        @inlinable
        public init(subscriber: SubscriberResource? = nil) {
            self.subscriber = subscriber
        }

        private enum CodingKeys: String, CodingKey {
            case subscriber = "subscriber"
        }
    }

    public struct CustomLogSourceAttributes: AWSEncodableShape & AWSDecodableShape {
        /// The ARN of the Glue crawler.
        public let crawlerArn: String?
        /// The ARN of the Glue database where results are written, such as: arn:aws:daylight:us-east-1::database/sometable/*.
        public let databaseArn: String?
        /// The ARN of the Glue table.
        public let tableArn: String?

        @inlinable
        public init(crawlerArn: String? = nil, databaseArn: String? = nil, tableArn: String? = nil) {
            self.crawlerArn = crawlerArn
            self.databaseArn = databaseArn
            self.tableArn = tableArn
        }

        public func validate(name: String) throws {
            try self.validate(self.crawlerArn, name: "crawlerArn", parent: name, max: 1011)
            try self.validate(self.crawlerArn, name: "crawlerArn", parent: name, min: 1)
            try self.validate(self.crawlerArn, name: "crawlerArn", parent: name, pattern: "^arn:(aws|aws-us-gov|aws-cn):securitylake:[A-Za-z0-9_/.\\-]{0,63}:[A-Za-z0-9_/.\\-]{0,63}:[A-Za-z0-9][A-Za-z0-9_/.\\-]{0,127}$")
            try self.validate(self.databaseArn, name: "databaseArn", parent: name, max: 1011)
            try self.validate(self.databaseArn, name: "databaseArn", parent: name, min: 1)
            try self.validate(self.databaseArn, name: "databaseArn", parent: name, pattern: "^arn:(aws|aws-us-gov|aws-cn):securitylake:[A-Za-z0-9_/.\\-]{0,63}:[A-Za-z0-9_/.\\-]{0,63}:[A-Za-z0-9][A-Za-z0-9_/.\\-]{0,127}$")
            try self.validate(self.tableArn, name: "tableArn", parent: name, max: 1011)
            try self.validate(self.tableArn, name: "tableArn", parent: name, min: 1)
            try self.validate(self.tableArn, name: "tableArn", parent: name, pattern: "^arn:(aws|aws-us-gov|aws-cn):securitylake:[A-Za-z0-9_/.\\-]{0,63}:[A-Za-z0-9_/.\\-]{0,63}:[A-Za-z0-9][A-Za-z0-9_/.\\-]{0,127}$")
        }

        private enum CodingKeys: String, CodingKey {
            case crawlerArn = "crawlerArn"
            case databaseArn = "databaseArn"
            case tableArn = "tableArn"
        }
    }

    public struct CustomLogSourceConfiguration: AWSEncodableShape {
        /// The configuration used for the Glue Crawler for a third-party custom source.
        public let crawlerConfiguration: CustomLogSourceCrawlerConfiguration
        /// The identity of the log provider for the third-party custom source.
        public let providerIdentity: AwsIdentity

        @inlinable
        public init(crawlerConfiguration: CustomLogSourceCrawlerConfiguration, providerIdentity: AwsIdentity) {
            self.crawlerConfiguration = crawlerConfiguration
            self.providerIdentity = providerIdentity
        }

        public func validate(name: String) throws {
            try self.crawlerConfiguration.validate(name: "\(name).crawlerConfiguration")
            try self.providerIdentity.validate(name: "\(name).providerIdentity")
        }

        private enum CodingKeys: String, CodingKey {
            case crawlerConfiguration = "crawlerConfiguration"
            case providerIdentity = "providerIdentity"
        }
    }

    public struct CustomLogSourceCrawlerConfiguration: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role to be used by the Glue crawler. The recommended IAM policies are:   The managed policy AWSGlueServiceRole    A custom policy granting access to your Amazon S3 Data Lake
        public let roleArn: String

        @inlinable
        public init(roleArn: String) {
            self.roleArn = roleArn
        }

        public func validate(name: String) throws {
            try self.validate(self.roleArn, name: "roleArn", parent: name, pattern: "^arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case roleArn = "roleArn"
        }
    }

    public struct CustomLogSourceProvider: AWSEncodableShape & AWSDecodableShape {
        /// The location of the partition in the Amazon S3 bucket for Security Lake.
        public let location: String?
        /// The ARN of the IAM role to be used by the entity putting logs into your custom source partition. Security Lake will apply the correct access policies to this role, but you must first manually create the trust policy for this role. The IAM role name must start with the text 'Security Lake'. The IAM role must trust the logProviderAccountId to assume the role.
        public let roleArn: String?

        @inlinable
        public init(location: String? = nil, roleArn: String? = nil) {
            self.location = location
            self.roleArn = roleArn
        }

        public func validate(name: String) throws {
            try self.validate(self.location, name: "location", parent: name, max: 1024)
            try self.validate(self.location, name: "location", parent: name, pattern: "^s3[an]?://[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9](/[^/].*)+$")
            try self.validate(self.roleArn, name: "roleArn", parent: name, pattern: "^arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case location = "location"
            case roleArn = "roleArn"
        }
    }

    public struct CustomLogSourceResource: AWSEncodableShape & AWSDecodableShape {
        /// The attributes of a third-party custom source.
        public let attributes: CustomLogSourceAttributes?
        /// The details of the log provider for a third-party custom source.
        public let provider: CustomLogSourceProvider?
        /// The name for a third-party custom source. This must be a Regionally unique value.
        public let sourceName: String?
        /// The version for a third-party custom source. This must be a Regionally unique value.
        public let sourceVersion: String?

        @inlinable
        public init(attributes: CustomLogSourceAttributes? = nil, provider: CustomLogSourceProvider? = nil, sourceName: String? = nil, sourceVersion: String? = nil) {
            self.attributes = attributes
            self.provider = provider
            self.sourceName = sourceName
            self.sourceVersion = sourceVersion
        }

        public func validate(name: String) throws {
            try self.attributes?.validate(name: "\(name).attributes")
            try self.provider?.validate(name: "\(name).provider")
            try self.validate(self.sourceName, name: "sourceName", parent: name, max: 64)
            try self.validate(self.sourceName, name: "sourceName", parent: name, min: 1)
            try self.validate(self.sourceName, name: "sourceName", parent: name, pattern: "^[\\w\\-\\_\\:\\.]*$")
            try self.validate(self.sourceVersion, name: "sourceVersion", parent: name, max: 32)
            try self.validate(self.sourceVersion, name: "sourceVersion", parent: name, min: 1)
            try self.validate(self.sourceVersion, name: "sourceVersion", parent: name, pattern: "^[A-Za-z0-9\\-\\.\\_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case attributes = "attributes"
            case provider = "provider"
            case sourceName = "sourceName"
            case sourceVersion = "sourceVersion"
        }
    }

    public struct DataLakeAutoEnableNewAccountConfiguration: AWSEncodableShape & AWSDecodableShape {
        /// The Amazon Web Services Regions where Security Lake is automatically enabled.
        public let region: String
        /// The Amazon Web Services sources that are automatically enabled in Security Lake.
        public let sources: [AwsLogSourceResource]

        @inlinable
        public init(region: String, sources: [AwsLogSourceResource]) {
            self.region = region
            self.sources = sources
        }

        public func validate(name: String) throws {
            try self.validate(self.region, name: "region", parent: name, pattern: "^(us(-gov)?|af|ap|ca|eu|me|sa)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-\\d+$")
            try self.sources.forEach {
                try $0.validate(name: "\(name).sources[]")
            }
            try self.validate(self.sources, name: "sources", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case region = "region"
            case sources = "sources"
        }
    }

    public struct DataLakeConfiguration: AWSEncodableShape {
        /// Provides encryption details of Amazon Security Lake object.
        public let encryptionConfiguration: DataLakeEncryptionConfiguration?
        /// Provides lifecycle details of Amazon Security Lake object.
        public let lifecycleConfiguration: DataLakeLifecycleConfiguration?
        /// The Amazon Web Services Regions where Security Lake is automatically enabled.
        public let region: String
        /// Provides replication details of Amazon Security Lake object.
        public let replicationConfiguration: DataLakeReplicationConfiguration?

        @inlinable
        public init(encryptionConfiguration: DataLakeEncryptionConfiguration? = nil, lifecycleConfiguration: DataLakeLifecycleConfiguration? = nil, region: String, replicationConfiguration: DataLakeReplicationConfiguration? = nil) {
            self.encryptionConfiguration = encryptionConfiguration
            self.lifecycleConfiguration = lifecycleConfiguration
            self.region = region
            self.replicationConfiguration = replicationConfiguration
        }

        public func validate(name: String) throws {
            try self.validate(self.region, name: "region", parent: name, pattern: "^(us(-gov)?|af|ap|ca|eu|me|sa)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-\\d+$")
            try self.replicationConfiguration?.validate(name: "\(name).replicationConfiguration")
        }

        private enum CodingKeys: String, CodingKey {
            case encryptionConfiguration = "encryptionConfiguration"
            case lifecycleConfiguration = "lifecycleConfiguration"
            case region = "region"
            case replicationConfiguration = "replicationConfiguration"
        }
    }

    public struct DataLakeEncryptionConfiguration: AWSEncodableShape & AWSDecodableShape {
        /// The identifier of KMS encryption key used by Amazon Security Lake to encrypt the Security Lake object.
        public let kmsKeyId: String?

        @inlinable
        public init(kmsKeyId: String? = nil) {
            self.kmsKeyId = kmsKeyId
        }

        private enum CodingKeys: String, CodingKey {
            case kmsKeyId = "kmsKeyId"
        }
    }

    public struct DataLakeException: AWSDecodableShape {
        /// The underlying exception of a Security Lake exception.
        public let exception: String?
        /// The Amazon Web Services Regions where the exception occurred.
        public let region: String?
        /// List of all remediation steps for a Security Lake exception.
        public let remediation: String?
        /// This error can occur if you configure the wrong timestamp format, or if the subset of entries used for validation had errors or missing values.
        public let timestamp: Date?

        @inlinable
        public init(exception: String? = nil, region: String? = nil, remediation: String? = nil, timestamp: Date? = nil) {
            self.exception = exception
            self.region = region
            self.remediation = remediation
            self.timestamp = timestamp
        }

        private enum CodingKeys: String, CodingKey {
            case exception = "exception"
            case region = "region"
            case remediation = "remediation"
            case timestamp = "timestamp"
        }
    }

    public struct DataLakeLifecycleConfiguration: AWSEncodableShape & AWSDecodableShape {
        /// Provides data expiration details of Amazon Security Lake object.
        public let expiration: DataLakeLifecycleExpiration?
        /// Provides data storage transition details of Amazon Security Lake object.
        public let transitions: [DataLakeLifecycleTransition]?

        @inlinable
        public init(expiration: DataLakeLifecycleExpiration? = nil, transitions: [DataLakeLifecycleTransition]? = nil) {
            self.expiration = expiration
            self.transitions = transitions
        }

        private enum CodingKeys: String, CodingKey {
            case expiration = "expiration"
            case transitions = "transitions"
        }
    }

    public struct DataLakeLifecycleExpiration: AWSEncodableShape & AWSDecodableShape {
        /// Number of days before data expires in the Amazon Security Lake object.
        public let days: Int?

        @inlinable
        public init(days: Int? = nil) {
            self.days = days
        }

        private enum CodingKeys: String, CodingKey {
            case days = "days"
        }
    }

    public struct DataLakeLifecycleTransition: AWSEncodableShape & AWSDecodableShape {
        /// Number of days before data transitions to a different S3 Storage Class in the Amazon Security Lake object.
        public let days: Int?
        /// The range of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads.
        public let storageClass: String?

        @inlinable
        public init(days: Int? = nil, storageClass: String? = nil) {
            self.days = days
            self.storageClass = storageClass
        }

        private enum CodingKeys: String, CodingKey {
            case days = "days"
            case storageClass = "storageClass"
        }
    }

    public struct DataLakeReplicationConfiguration: AWSEncodableShape & AWSDecodableShape {
        /// Specifies one or more centralized rollup Regions. The Amazon Web Services Region specified in the region  parameter of the  CreateDataLake  or  UpdateDataLake operations contributes data to the rollup Region or  Regions specified in this parameter. Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. S3 buckets that are configured for object replication can be owned by the same Amazon Web Services account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different Regions or within the same Region as the source bucket.
        public let regions: [String]?
        /// Replication settings for the Amazon S3 buckets. This parameter uses the Identity and Access Management (IAM) role you created that is managed by Security Lake, to ensure the replication setting is correct.
        public let roleArn: String?

        @inlinable
        public init(regions: [String]? = nil, roleArn: String? = nil) {
            self.regions = regions
            self.roleArn = roleArn
        }

        public func validate(name: String) throws {
            try self.regions?.forEach {
                try validate($0, name: "regions[]", parent: name, pattern: "^(us(-gov)?|af|ap|ca|eu|me|sa)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-\\d+$")
            }
            try self.validate(self.roleArn, name: "roleArn", parent: name, pattern: "^arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case regions = "regions"
            case roleArn = "roleArn"
        }
    }

    public struct DataLakeResource: AWSDecodableShape {
        /// Retrieves the status of the CreateDatalake API call for an account in Amazon Security Lake.
        public let createStatus: DataLakeStatus?
        /// The Amazon Resource Name (ARN) created by you to provide to the subscriber. For more information about ARNs and how to use them in policies, see the Amazon Security Lake User Guide.
        public let dataLakeArn: String
        /// Provides encryption details of Amazon Security Lake object.
        public let encryptionConfiguration: DataLakeEncryptionConfiguration?
        /// Provides lifecycle details of Amazon Security Lake object.
        public let lifecycleConfiguration: DataLakeLifecycleConfiguration?
        /// The Amazon Web Services Regions where Security Lake is enabled.
        public let region: String
        /// Provides replication details of Amazon Security Lake object.
        public let replicationConfiguration: DataLakeReplicationConfiguration?
        /// The ARN for the Amazon Security Lake Amazon S3 bucket.
        public let s3BucketArn: String?
        /// The status of the last UpdateDataLake or DeleteDataLake API request.
        public let updateStatus: DataLakeUpdateStatus?

        @inlinable
        public init(createStatus: DataLakeStatus? = nil, dataLakeArn: String, encryptionConfiguration: DataLakeEncryptionConfiguration? = nil, lifecycleConfiguration: DataLakeLifecycleConfiguration? = nil, region: String, replicationConfiguration: DataLakeReplicationConfiguration? = nil, s3BucketArn: String? = nil, updateStatus: DataLakeUpdateStatus? = nil) {
            self.createStatus = createStatus
            self.dataLakeArn = dataLakeArn
            self.encryptionConfiguration = encryptionConfiguration
            self.lifecycleConfiguration = lifecycleConfiguration
            self.region = region
            self.replicationConfiguration = replicationConfiguration
            self.s3BucketArn = s3BucketArn
            self.updateStatus = updateStatus
        }

        private enum CodingKeys: String, CodingKey {
            case createStatus = "createStatus"
            case dataLakeArn = "dataLakeArn"
            case encryptionConfiguration = "encryptionConfiguration"
            case lifecycleConfiguration = "lifecycleConfiguration"
            case region = "region"
            case replicationConfiguration = "replicationConfiguration"
            case s3BucketArn = "s3BucketArn"
            case updateStatus = "updateStatus"
        }
    }

    public struct DataLakeSource: AWSDecodableShape {
        /// The ID of the Security Lake account for which logs are collected.
        public let account: String?
        /// The Open Cybersecurity Schema Framework (OCSF) event classes describes the type of data that the custom source will send to Security Lake. For the list of supported event classes, see Supported OCSF Event classes in the Amazon Security Lake User Guide.
        public let eventClasses: [String]?
        /// The supported Amazon Web Services services from which logs and events are collected. Amazon Security Lake supports log and event collection for natively supported Amazon Web Services services.
        public let sourceName: String?
        /// The log status for the Security Lake account.
        public let sourceStatuses: [DataLakeSourceStatus]?

        @inlinable
        public init(account: String? = nil, eventClasses: [String]? = nil, sourceName: String? = nil, sourceStatuses: [DataLakeSourceStatus]? = nil) {
            self.account = account
            self.eventClasses = eventClasses
            self.sourceName = sourceName
            self.sourceStatuses = sourceStatuses
        }

        private enum CodingKeys: String, CodingKey {
            case account = "account"
            case eventClasses = "eventClasses"
            case sourceName = "sourceName"
            case sourceStatuses = "sourceStatuses"
        }
    }

    public struct DataLakeSourceStatus: AWSDecodableShape {
        /// Defines path the stored logs are available which has information on your systems, applications, and services.
        public let resource: String?
        /// The health status of services, including error codes and patterns.
        public let status: SourceCollectionStatus?

        @inlinable
        public init(resource: String? = nil, status: SourceCollectionStatus? = nil) {
            self.resource = resource
            self.status = status
        }

        private enum CodingKeys: String, CodingKey {
            case resource = "resource"
            case status = "status"
        }
    }

    public struct DataLakeUpdateException: AWSDecodableShape {
        /// The reason code for the exception of the last UpdateDataLake or DeleteDataLake API request.
        public let code: String?
        /// The reason for the exception of the last UpdateDataLakeor DeleteDataLake API request.
        public let reason: String?

        @inlinable
        public init(code: String? = nil, reason: String? = nil) {
            self.code = code
            self.reason = reason
        }

        private enum CodingKeys: String, CodingKey {
            case code = "code"
            case reason = "reason"
        }
    }

    public struct DataLakeUpdateStatus: AWSDecodableShape {
        /// The details of the last UpdateDataLakeor DeleteDataLake API request which failed.
        public let exception: DataLakeUpdateException?
        /// The unique ID for the last UpdateDataLake or DeleteDataLake API request.
        public let requestId: String?
        /// The status of the last UpdateDataLake or DeleteDataLake API request that was requested.
        public let status: DataLakeStatus?

        @inlinable
        public init(exception: DataLakeUpdateException? = nil, requestId: String? = nil, status: DataLakeStatus? = nil) {
            self.exception = exception
            self.requestId = requestId
            self.status = status
        }

        private enum CodingKeys: String, CodingKey {
            case exception = "exception"
            case requestId = "requestId"
            case status = "status"
        }
    }

    public struct DeleteAwsLogSourceRequest: AWSEncodableShape {
        /// Specify the natively-supported Amazon Web Services service to remove as a source in Security Lake.
        public let sources: [AwsLogSourceConfiguration]

        @inlinable
        public init(sources: [AwsLogSourceConfiguration]) {
            self.sources = sources
        }

        public func validate(name: String) throws {
            try self.sources.forEach {
                try $0.validate(name: "\(name).sources[]")
            }
            try self.validate(self.sources, name: "sources", parent: name, max: 50)
            try self.validate(self.sources, name: "sources", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case sources = "sources"
        }
    }

    public struct DeleteAwsLogSourceResponse: AWSDecodableShape {
        /// Deletion of the Amazon Web Services sources failed as the account is not a part of the organization.
        public let failed: [String]?

        @inlinable
        public init(failed: [String]? = nil) {
            self.failed = failed
        }

        private enum CodingKeys: String, CodingKey {
            case failed = "failed"
        }
    }

    public struct DeleteCustomLogSourceRequest: AWSEncodableShape {
        /// The source name of custom log source that you want to delete.
        public let sourceName: String
        /// The source version for the third-party custom source. You can limit the custom source removal to the specified source version.
        public let sourceVersion: String?

        @inlinable
        public init(sourceName: String, sourceVersion: String? = nil) {
            self.sourceName = sourceName
            self.sourceVersion = sourceVersion
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.sourceName, key: "sourceName")
            request.encodeQuery(self.sourceVersion, key: "sourceVersion")
        }

        public func validate(name: String) throws {
            try self.validate(self.sourceName, name: "sourceName", parent: name, max: 64)
            try self.validate(self.sourceName, name: "sourceName", parent: name, min: 1)
            try self.validate(self.sourceName, name: "sourceName", parent: name, pattern: "^[\\w\\-\\_\\:\\.]*$")
            try self.validate(self.sourceVersion, name: "sourceVersion", parent: name, max: 32)
            try self.validate(self.sourceVersion, name: "sourceVersion", parent: name, min: 1)
            try self.validate(self.sourceVersion, name: "sourceVersion", parent: name, pattern: "^[A-Za-z0-9\\-\\.\\_]*$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DeleteCustomLogSourceResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DeleteDataLakeExceptionSubscriptionRequest: AWSEncodableShape {
        public init() {}
    }

    public struct DeleteDataLakeExceptionSubscriptionResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DeleteDataLakeOrganizationConfigurationRequest: AWSEncodableShape {
        /// Turns off automatic enablement of Security Lake for member accounts that are added to an organization.
        public let autoEnableNewAccount: [DataLakeAutoEnableNewAccountConfiguration]?

        @inlinable
        public init(autoEnableNewAccount: [DataLakeAutoEnableNewAccountConfiguration]? = nil) {
            self.autoEnableNewAccount = autoEnableNewAccount
        }

        public func validate(name: String) throws {
            try self.autoEnableNewAccount?.forEach {
                try $0.validate(name: "\(name).autoEnableNewAccount[]")
            }
            try self.validate(self.autoEnableNewAccount, name: "autoEnableNewAccount", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case autoEnableNewAccount = "autoEnableNewAccount"
        }
    }

    public struct DeleteDataLakeOrganizationConfigurationResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DeleteDataLakeRequest: AWSEncodableShape {
        /// The list of Regions where Security Lake is enabled.
        public let regions: [String]

        @inlinable
        public init(regions: [String]) {
            self.regions = regions
        }

        public func validate(name: String) throws {
            try self.regions.forEach {
                try validate($0, name: "regions[]", parent: name, pattern: "^(us(-gov)?|af|ap|ca|eu|me|sa)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-\\d+$")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case regions = "regions"
        }
    }

    public struct DeleteDataLakeResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DeleteSubscriberNotificationRequest: AWSEncodableShape {
        /// The ID of the Security Lake subscriber account.
        public let subscriberId: String

        @inlinable
        public init(subscriberId: String) {
            self.subscriberId = subscriberId
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.subscriberId, key: "subscriberId")
        }

        public func validate(name: String) throws {
            try self.validate(self.subscriberId, name: "subscriberId", parent: name, pattern: "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DeleteSubscriberNotificationResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DeleteSubscriberRequest: AWSEncodableShape {
        /// A value created by Security Lake that uniquely identifies your DeleteSubscriber API request.
        public let subscriberId: String

        @inlinable
        public init(subscriberId: String) {
            self.subscriberId = subscriberId
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.subscriberId, key: "subscriberId")
        }

        public func validate(name: String) throws {
            try self.validate(self.subscriberId, name: "subscriberId", parent: name, pattern: "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct DeleteSubscriberResponse: AWSDecodableShape {
        public init() {}
    }

    public struct DeregisterDataLakeDelegatedAdministratorRequest: AWSEncodableShape {
        public init() {}
    }

    public struct DeregisterDataLakeDelegatedAdministratorResponse: AWSDecodableShape {
        public init() {}
    }

    public struct GetDataLakeExceptionSubscriptionRequest: AWSEncodableShape {
        public init() {}
    }

    public struct GetDataLakeExceptionSubscriptionResponse: AWSDecodableShape {
        /// The expiration period and time-to-live (TTL). It is the duration of time until which the exception message remains.
        public let exceptionTimeToLive: Int64?
        /// The Amazon Web Services account where you receive exception notifications.
        public let notificationEndpoint: String?
        /// The subscription protocol to which exception notifications are posted.
        public let subscriptionProtocol: String?

        @inlinable
        public init(exceptionTimeToLive: Int64? = nil, notificationEndpoint: String? = nil, subscriptionProtocol: String? = nil) {
            self.exceptionTimeToLive = exceptionTimeToLive
            self.notificationEndpoint = notificationEndpoint
            self.subscriptionProtocol = subscriptionProtocol
        }

        private enum CodingKeys: String, CodingKey {
            case exceptionTimeToLive = "exceptionTimeToLive"
            case notificationEndpoint = "notificationEndpoint"
            case subscriptionProtocol = "subscriptionProtocol"
        }
    }

    public struct GetDataLakeOrganizationConfigurationRequest: AWSEncodableShape {
        public init() {}
    }

    public struct GetDataLakeOrganizationConfigurationResponse: AWSDecodableShape {
        /// The configuration used for new accounts in Security Lake.
        public let autoEnableNewAccount: [DataLakeAutoEnableNewAccountConfiguration]?

        @inlinable
        public init(autoEnableNewAccount: [DataLakeAutoEnableNewAccountConfiguration]? = nil) {
            self.autoEnableNewAccount = autoEnableNewAccount
        }

        private enum CodingKeys: String, CodingKey {
            case autoEnableNewAccount = "autoEnableNewAccount"
        }
    }

    public struct GetDataLakeSourcesRequest: AWSEncodableShape {
        /// The Amazon Web Services account ID for which a static snapshot of the current Amazon Web Services Region, including enabled accounts and log sources, is retrieved.
        public let accounts: [String]?
        /// The maximum limit of accounts for which the static snapshot of the current Region, including enabled accounts and log sources, is retrieved.
        public let maxResults: Int?
        /// Lists if there are more results available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.
        public let nextToken: String?

        @inlinable
        public init(accounts: [String]? = nil, maxResults: Int? = nil, nextToken: String? = nil) {
            self.accounts = accounts
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.accounts?.forEach {
                try validate($0, name: "accounts[]", parent: name, max: 12)
                try validate($0, name: "accounts[]", parent: name, min: 12)
                try validate($0, name: "accounts[]", parent: name, pattern: "^[0-9]{12}$")
            }
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 100)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 2048)
        }

        private enum CodingKeys: String, CodingKey {
            case accounts = "accounts"
            case maxResults = "maxResults"
            case nextToken = "nextToken"
        }
    }

    public struct GetDataLakeSourcesResponse: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) created by you to provide to the subscriber. For more information about ARNs and how to use them in policies, see the Amazon Security Lake User Guide.
        public let dataLakeArn: String?
        /// The list of enabled accounts and enabled sources.
        public let dataLakeSources: [DataLakeSource]?
        /// Lists if there are more results available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.
        public let nextToken: String?

        @inlinable
        public init(dataLakeArn: String? = nil, dataLakeSources: [DataLakeSource]? = nil, nextToken: String? = nil) {
            self.dataLakeArn = dataLakeArn
            self.dataLakeSources = dataLakeSources
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case dataLakeArn = "dataLakeArn"
            case dataLakeSources = "dataLakeSources"
            case nextToken = "nextToken"
        }
    }

    public struct GetSubscriberRequest: AWSEncodableShape {
        /// A value created by Amazon Security Lake that uniquely identifies your GetSubscriber API request.
        public let subscriberId: String

        @inlinable
        public init(subscriberId: String) {
            self.subscriberId = subscriberId
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.subscriberId, key: "subscriberId")
        }

        public func validate(name: String) throws {
            try self.validate(self.subscriberId, name: "subscriberId", parent: name, pattern: "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct GetSubscriberResponse: AWSDecodableShape {
        /// The subscriber information for the specified subscriber ID.
        public let subscriber: SubscriberResource?

        @inlinable
        public init(subscriber: SubscriberResource? = nil) {
            self.subscriber = subscriber
        }

        private enum CodingKeys: String, CodingKey {
            case subscriber = "subscriber"
        }
    }

    public struct HttpsNotificationConfiguration: AWSEncodableShape {
        /// The key name for the notification subscription.
        public let authorizationApiKeyName: String?
        /// The key value for the notification subscription.
        public let authorizationApiKeyValue: String?
        /// The subscription endpoint in Security Lake. If you prefer notification with an HTTPs endpoint, populate this field.
        public let endpoint: String
        /// The HTTPS method used for the notification subscription.
        public let httpMethod: HttpMethod?
        /// The Amazon Resource Name (ARN) of the EventBridge API destinations IAM role that you created. For more information about ARNs and how to use them in policies, see Managing data access and Amazon Web Services Managed Policies in the Amazon Security Lake User Guide.
        public let targetRoleArn: String

        @inlinable
        public init(authorizationApiKeyName: String? = nil, authorizationApiKeyValue: String? = nil, endpoint: String, httpMethod: HttpMethod? = nil, targetRoleArn: String) {
            self.authorizationApiKeyName = authorizationApiKeyName
            self.authorizationApiKeyValue = authorizationApiKeyValue
            self.endpoint = endpoint
            self.httpMethod = httpMethod
            self.targetRoleArn = targetRoleArn
        }

        public func validate(name: String) throws {
            try self.validate(self.targetRoleArn, name: "targetRoleArn", parent: name, pattern: "^arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case authorizationApiKeyName = "authorizationApiKeyName"
            case authorizationApiKeyValue = "authorizationApiKeyValue"
            case endpoint = "endpoint"
            case httpMethod = "httpMethod"
            case targetRoleArn = "targetRoleArn"
        }
    }

    public struct ListDataLakeExceptionsRequest: AWSEncodableShape {
        /// Lists the maximum number of failures in Security Lake.
        public let maxResults: Int?
        /// Lists if there are more results available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.
        public let nextToken: String?
        /// The Amazon Web Services Regions from which exceptions are retrieved.
        public let regions: [String]?

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil, regions: [String]? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.regions = regions
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 100)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 2048)
            try self.regions?.forEach {
                try validate($0, name: "regions[]", parent: name, pattern: "^(us(-gov)?|af|ap|ca|eu|me|sa)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-\\d+$")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case maxResults = "maxResults"
            case nextToken = "nextToken"
            case regions = "regions"
        }
    }

    public struct ListDataLakeExceptionsResponse: AWSDecodableShape {
        /// Lists the failures that cannot be retried.
        public let exceptions: [DataLakeException]?
        /// Lists if there are more results available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.
        public let nextToken: String?

        @inlinable
        public init(exceptions: [DataLakeException]? = nil, nextToken: String? = nil) {
            self.exceptions = exceptions
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case exceptions = "exceptions"
            case nextToken = "nextToken"
        }
    }

    public struct ListDataLakesRequest: AWSEncodableShape {
        /// The list of Regions where Security Lake is enabled.
        public let regions: [String]?

        @inlinable
        public init(regions: [String]? = nil) {
            self.regions = regions
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.regions, key: "regions")
        }

        public func validate(name: String) throws {
            try self.regions?.forEach {
                try validate($0, name: "regions[]", parent: name, pattern: "^(us(-gov)?|af|ap|ca|eu|me|sa)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-\\d+$")
            }
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListDataLakesResponse: AWSDecodableShape {
        /// Retrieves the Security Lake configuration object.
        public let dataLakes: [DataLakeResource]?

        @inlinable
        public init(dataLakes: [DataLakeResource]? = nil) {
            self.dataLakes = dataLakes
        }

        private enum CodingKeys: String, CodingKey {
            case dataLakes = "dataLakes"
        }
    }

    public struct ListLogSourcesRequest: AWSEncodableShape {
        /// The list of Amazon Web Services accounts for which log sources are displayed.
        public let accounts: [String]?
        /// The maximum number of accounts for which the log sources are displayed.
        public let maxResults: Int?
        /// If nextToken is returned, there are more results available. You can repeat the call using the returned token to retrieve the next page.
        public let nextToken: String?
        /// The list of Regions for which log sources are displayed.
        public let regions: [String]?
        /// The list of sources for which log sources are displayed.
        public let sources: [LogSourceResource]?

        @inlinable
        public init(accounts: [String]? = nil, maxResults: Int? = nil, nextToken: String? = nil, regions: [String]? = nil, sources: [LogSourceResource]? = nil) {
            self.accounts = accounts
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.regions = regions
            self.sources = sources
        }

        public func validate(name: String) throws {
            try self.accounts?.forEach {
                try validate($0, name: "accounts[]", parent: name, max: 12)
                try validate($0, name: "accounts[]", parent: name, min: 12)
                try validate($0, name: "accounts[]", parent: name, pattern: "^[0-9]{12}$")
            }
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 100)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 2048)
            try self.regions?.forEach {
                try validate($0, name: "regions[]", parent: name, pattern: "^(us(-gov)?|af|ap|ca|eu|me|sa)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-\\d+$")
            }
            try self.sources?.forEach {
                try $0.validate(name: "\(name).sources[]")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case accounts = "accounts"
            case maxResults = "maxResults"
            case nextToken = "nextToken"
            case regions = "regions"
            case sources = "sources"
        }
    }

    public struct ListLogSourcesResponse: AWSDecodableShape {
        /// If nextToken is returned, there are more results available. You can repeat the call using the returned token to retrieve the next page.
        public let nextToken: String?
        /// The list of log sources in your organization that send data to the data lake.
        public let sources: [LogSource]?

        @inlinable
        public init(nextToken: String? = nil, sources: [LogSource]? = nil) {
            self.nextToken = nextToken
            self.sources = sources
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "nextToken"
            case sources = "sources"
        }
    }

    public struct ListSubscribersRequest: AWSEncodableShape {
        /// The maximum number of accounts for which the configuration is displayed.
        public let maxResults: Int?
        /// If nextToken is returned, there are more results available. You can repeat the call using the returned token to retrieve the next page.
        public let nextToken: String?

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodeQuery(self.maxResults, key: "maxResults")
            request.encodeQuery(self.nextToken, key: "nextToken")
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 100)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 2048)
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListSubscribersResponse: AWSDecodableShape {
        /// If nextToken is returned, there are more results available. You can repeat the call using the returned token to retrieve the next page.
        public let nextToken: String?
        /// The subscribers available for the specified Security Lake account ID.
        public let subscribers: [SubscriberResource]?

        @inlinable
        public init(nextToken: String? = nil, subscribers: [SubscriberResource]? = nil) {
            self.nextToken = nextToken
            self.subscribers = subscribers
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "nextToken"
            case subscribers = "subscribers"
        }
    }

    public struct ListTagsForResourceRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the Amazon Security Lake resource for which you want to retrieve the tags.
        public let resourceArn: String

        @inlinable
        public init(resourceArn: String) {
            self.resourceArn = resourceArn
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.resourceArn, key: "resourceArn")
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 1011)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 1)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, pattern: "^arn:(aws|aws-us-gov|aws-cn):securitylake:[A-Za-z0-9_/.\\-]{0,63}:[A-Za-z0-9_/.\\-]{0,63}:[A-Za-z0-9][A-Za-z0-9_/.\\-]{0,127}$")
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct ListTagsForResourceResponse: AWSDecodableShape {
        /// An array of objects, one for each tag (key and value) that’s associated with the Amazon Security Lake resource.
        public let tags: [Tag]?

        @inlinable
        public init(tags: [Tag]? = nil) {
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case tags = "tags"
        }
    }

    public struct LogSource: AWSDecodableShape {
        /// Specify the account from which you want to collect logs.
        public let account: String?
        /// Specify the Regions from which you want to collect logs.
        public let region: String?
        /// Specify the sources from which you want to collect logs.
        public let sources: [LogSourceResource]?

        @inlinable
        public init(account: String? = nil, region: String? = nil, sources: [LogSourceResource]? = nil) {
            self.account = account
            self.region = region
            self.sources = sources
        }

        private enum CodingKeys: String, CodingKey {
            case account = "account"
            case region = "region"
            case sources = "sources"
        }
    }

    public struct RegisterDataLakeDelegatedAdministratorRequest: AWSEncodableShape {
        /// The Amazon Web Services account ID of the Security Lake delegated administrator.
        public let accountId: String

        @inlinable
        public init(accountId: String) {
            self.accountId = accountId
        }

        public func validate(name: String) throws {
            try self.validate(self.accountId, name: "accountId", parent: name, pattern: "^[\\\\\\w\\-_:/.@=+]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "accountId"
        }
    }

    public struct RegisterDataLakeDelegatedAdministratorResponse: AWSDecodableShape {
        public init() {}
    }

    public struct ResourceNotFoundException: AWSErrorShape {
        public let message: String?
        /// The name of the resource that could not be found.
        public let resourceName: String?
        /// The type of the resource that could not be found.
        public let resourceType: String?

        @inlinable
        public init(message: String? = nil, resourceName: String? = nil, resourceType: String? = nil) {
            self.message = message
            self.resourceName = resourceName
            self.resourceType = resourceType
        }

        private enum CodingKeys: String, CodingKey {
            case message = "message"
            case resourceName = "resourceName"
            case resourceType = "resourceType"
        }
    }

    public struct SqsNotificationConfiguration: AWSEncodableShape {
        public init() {}
    }

    public struct SubscriberResource: AWSDecodableShape {
        /// You can choose to notify subscribers of new objects with an Amazon Simple Queue Service (Amazon SQS) queue or through messaging to an HTTPS endpoint provided by the subscriber. Subscribers can consume data by directly querying Lake Formation tables in your Amazon S3 bucket through services like Amazon Athena. This subscription type is defined as LAKEFORMATION.
        public let accessTypes: [AccessType]?
        /// The date and time when the subscriber was created.
        public let createdAt: Date?
        /// The Amazon Resource Name (ARN) which uniquely defines the Amazon Web Services RAM resource share. Before accepting the RAM resource share invitation, you can view details related to the RAM resource share. This field is available only for Lake Formation subscribers created after March 8, 2023.
        public let resourceShareArn: String?
        /// The name of the resource share.
        public let resourceShareName: String?
        /// The Amazon Resource Name (ARN) specifying the role of the subscriber.
        public let roleArn: String?
        /// The ARN for the Amazon S3 bucket.
        public let s3BucketArn: String?
        /// Amazon Security Lake supports log and event collection for natively supported Amazon Web Services services. For more information, see the Amazon Security Lake User Guide.
        public let sources: [LogSourceResource]
        /// The subscriber ARN of the Amazon Security Lake subscriber account.
        public let subscriberArn: String
        /// The subscriber descriptions for a subscriber account. The description for a subscriber includes subscriberName, accountID, externalID, and subscriberId.
        public let subscriberDescription: String?
        /// The subscriber endpoint to which exception messages are posted.
        public let subscriberEndpoint: String?
        /// The subscriber ID of the Amazon Security Lake subscriber account.
        public let subscriberId: String
        /// The Amazon Web Services identity used to access your data.
        public let subscriberIdentity: AwsIdentity
        /// The name of your Amazon Security Lake subscriber account.
        public let subscriberName: String
        /// The subscriber status of the Amazon Security Lake subscriber account.
        public let subscriberStatus: SubscriberStatus?
        /// The date and time when the subscriber was last updated.
        public let updatedAt: Date?

        @inlinable
        public init(accessTypes: [AccessType]? = nil, createdAt: Date? = nil, resourceShareArn: String? = nil, resourceShareName: String? = nil, roleArn: String? = nil, s3BucketArn: String? = nil, sources: [LogSourceResource], subscriberArn: String, subscriberDescription: String? = nil, subscriberEndpoint: String? = nil, subscriberId: String, subscriberIdentity: AwsIdentity, subscriberName: String, subscriberStatus: SubscriberStatus? = nil, updatedAt: Date? = nil) {
            self.accessTypes = accessTypes
            self.createdAt = createdAt
            self.resourceShareArn = resourceShareArn
            self.resourceShareName = resourceShareName
            self.roleArn = roleArn
            self.s3BucketArn = s3BucketArn
            self.sources = sources
            self.subscriberArn = subscriberArn
            self.subscriberDescription = subscriberDescription
            self.subscriberEndpoint = subscriberEndpoint
            self.subscriberId = subscriberId
            self.subscriberIdentity = subscriberIdentity
            self.subscriberName = subscriberName
            self.subscriberStatus = subscriberStatus
            self.updatedAt = updatedAt
        }

        private enum CodingKeys: String, CodingKey {
            case accessTypes = "accessTypes"
            case createdAt = "createdAt"
            case resourceShareArn = "resourceShareArn"
            case resourceShareName = "resourceShareName"
            case roleArn = "roleArn"
            case s3BucketArn = "s3BucketArn"
            case sources = "sources"
            case subscriberArn = "subscriberArn"
            case subscriberDescription = "subscriberDescription"
            case subscriberEndpoint = "subscriberEndpoint"
            case subscriberId = "subscriberId"
            case subscriberIdentity = "subscriberIdentity"
            case subscriberName = "subscriberName"
            case subscriberStatus = "subscriberStatus"
            case updatedAt = "updatedAt"
        }
    }

    public struct Tag: AWSEncodableShape & AWSDecodableShape {
        /// The  name of the tag. This is a general label that acts as a category for a more specific tag value (value).
        public let key: String
        /// The value that’s associated with the specified tag key (key). This value acts as a descriptor for the tag key. A tag value cannot be  null, but it can be an empty string.
        public let value: String

        @inlinable
        public init(key: String, value: String) {
            self.key = key
            self.value = value
        }

        public func validate(name: String) throws {
            try self.validate(self.key, name: "key", parent: name, max: 128)
            try self.validate(self.key, name: "key", parent: name, min: 1)
            try self.validate(self.value, name: "value", parent: name, max: 256)
        }

        private enum CodingKeys: String, CodingKey {
            case key = "key"
            case value = "value"
        }
    }

    public struct TagResourceRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the Amazon Security Lake resource to add or update the tags for.
        public let resourceArn: String
        /// An array of objects, one for each tag (key and value) to associate with the Amazon Security Lake resource. For each tag, you must  specify both a tag key and a tag value. A tag value cannot be null, but it can be an empty string.
        public let tags: [Tag]

        @inlinable
        public init(resourceArn: String, tags: [Tag]) {
            self.resourceArn = resourceArn
            self.tags = tags
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            var container = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.resourceArn, key: "resourceArn")
            try container.encode(self.tags, forKey: .tags)
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 1011)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 1)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, pattern: "^arn:(aws|aws-us-gov|aws-cn):securitylake:[A-Za-z0-9_/.\\-]{0,63}:[A-Za-z0-9_/.\\-]{0,63}:[A-Za-z0-9][A-Za-z0-9_/.\\-]{0,127}$")
            try self.tags.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case tags = "tags"
        }
    }

    public struct TagResourceResponse: AWSDecodableShape {
        public init() {}
    }

    public struct ThrottlingException: AWSErrorShape {
        public let message: String?
        /// That the rate of requests to Security Lake is exceeding the request quotas for your Amazon Web Services account.
        public let quotaCode: String?
        /// Retry the request after the specified time.
        public let retryAfterSeconds: Int?
        /// The code for the service in Service Quotas.
        public let serviceCode: String?

        @inlinable
        public init(message: String? = nil, quotaCode: String? = nil, retryAfterSeconds: Int? = nil, serviceCode: String? = nil) {
            self.message = message
            self.quotaCode = quotaCode
            self.retryAfterSeconds = retryAfterSeconds
            self.serviceCode = serviceCode
        }

        public init(from decoder: Decoder) throws {
            let response = decoder.userInfo[.awsResponse]! as! ResponseDecodingContainer
            let container = try decoder.container(keyedBy: CodingKeys.self)
            self.message = try container.decodeIfPresent(String.self, forKey: .message)
            self.quotaCode = try container.decodeIfPresent(String.self, forKey: .quotaCode)
            self.retryAfterSeconds = try response.decodeHeaderIfPresent(Int.self, key: "Retry-After")
            self.serviceCode = try container.decodeIfPresent(String.self, forKey: .serviceCode)
        }

        private enum CodingKeys: String, CodingKey {
            case message = "message"
            case quotaCode = "quotaCode"
            case serviceCode = "serviceCode"
        }
    }

    public struct UntagResourceRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the Amazon Security Lake resource to remove one or more tags from.
        public let resourceArn: String
        /// A list of one or more tag keys. For each value in the list, specify the tag key for a tag to remove from the Amazon Security Lake resource.
        public let tagKeys: [String]

        @inlinable
        public init(resourceArn: String, tagKeys: [String]) {
            self.resourceArn = resourceArn
            self.tagKeys = tagKeys
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            _ = encoder.container(keyedBy: CodingKeys.self)
            request.encodePath(self.resourceArn, key: "resourceArn")
            request.encodeQuery(self.tagKeys, key: "tagKeys")
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 1011)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 1)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, pattern: "^arn:(aws|aws-us-gov|aws-cn):securitylake:[A-Za-z0-9_/.\\-]{0,63}:[A-Za-z0-9_/.\\-]{0,63}:[A-Za-z0-9][A-Za-z0-9_/.\\-]{0,127}$")
            try self.tagKeys.forEach {
                try validate($0, name: "tagKeys[]", parent: name, max: 128)
                try validate($0, name: "tagKeys[]", parent: name, min: 1)
            }
            try self.validate(self.tagKeys, name: "tagKeys", parent: name, max: 50)
        }

        private enum CodingKeys: CodingKey {}
    }

    public struct UntagResourceResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateDataLakeExceptionSubscriptionRequest: AWSEncodableShape {
        /// The time-to-live (TTL) for the exception message to remain. It is the duration of time until which the exception message remains.
        public let exceptionTimeToLive: Int64?
        /// The account that is subscribed to receive exception notifications.
        public let notificationEndpoint: String
        /// The subscription protocol to which exception messages are posted.
        public let subscriptionProtocol: String

        @inlinable
        public init(exceptionTimeToLive: Int64? = nil, notificationEndpoint: String, subscriptionProtocol: String) {
            self.exceptionTimeToLive = exceptionTimeToLive
            self.notificationEndpoint = notificationEndpoint
            self.subscriptionProtocol = subscriptionProtocol
        }

        public func validate(name: String) throws {
            try self.validate(self.notificationEndpoint, name: "notificationEndpoint", parent: name, pattern: "^[\\\\\\w\\-_:/.@=+]*$")
            try self.validate(self.subscriptionProtocol, name: "subscriptionProtocol", parent: name, pattern: "^[a-z\\-]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case exceptionTimeToLive = "exceptionTimeToLive"
            case notificationEndpoint = "notificationEndpoint"
            case subscriptionProtocol = "subscriptionProtocol"
        }
    }

    public struct UpdateDataLakeExceptionSubscriptionResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateDataLakeRequest: AWSEncodableShape {
        /// Specifies the Region or Regions that will contribute data to the rollup region.
        public let configurations: [DataLakeConfiguration]
        /// The Amazon Resource Name (ARN) used to create and update the Glue table. This table contains partitions generated by the ingestion and normalization of Amazon Web Services log sources and custom sources.
        public let metaStoreManagerRoleArn: String?

        @inlinable
        public init(configurations: [DataLakeConfiguration], metaStoreManagerRoleArn: String? = nil) {
            self.configurations = configurations
            self.metaStoreManagerRoleArn = metaStoreManagerRoleArn
        }

        public func validate(name: String) throws {
            try self.configurations.forEach {
                try $0.validate(name: "\(name).configurations[]")
            }
            try self.validate(self.configurations, name: "configurations", parent: name, min: 1)
            try self.validate(self.metaStoreManagerRoleArn, name: "metaStoreManagerRoleArn", parent: name, pattern: "^arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case configurations = "configurations"
            case metaStoreManagerRoleArn = "metaStoreManagerRoleArn"
        }
    }

    public struct UpdateDataLakeResponse: AWSDecodableShape {
        /// The created Security Lake configuration object.
        public let dataLakes: [DataLakeResource]?

        @inlinable
        public init(dataLakes: [DataLakeResource]? = nil) {
            self.dataLakes = dataLakes
        }

        private enum CodingKeys: String, CodingKey {
            case dataLakes = "dataLakes"
        }
    }

    public struct UpdateSubscriberNotificationRequest: AWSEncodableShape {
        /// The configuration for subscriber notification.
        public let configuration: NotificationConfiguration
        /// The subscription ID for which the subscription notification is specified.
        public let subscriberId: String

        @inlinable
        public init(configuration: NotificationConfiguration, subscriberId: String) {
            self.configuration = configuration
            self.subscriberId = subscriberId
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            var container = encoder.container(keyedBy: CodingKeys.self)
            try container.encode(self.configuration, forKey: .configuration)
            request.encodePath(self.subscriberId, key: "subscriberId")
        }

        public func validate(name: String) throws {
            try self.configuration.validate(name: "\(name).configuration")
            try self.validate(self.subscriberId, name: "subscriberId", parent: name, pattern: "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$")
        }

        private enum CodingKeys: String, CodingKey {
            case configuration = "configuration"
        }
    }

    public struct UpdateSubscriberNotificationResponse: AWSDecodableShape {
        /// The subscriber endpoint to which exception messages are posted.
        public let subscriberEndpoint: String?

        @inlinable
        public init(subscriberEndpoint: String? = nil) {
            self.subscriberEndpoint = subscriberEndpoint
        }

        private enum CodingKeys: String, CodingKey {
            case subscriberEndpoint = "subscriberEndpoint"
        }
    }

    public struct UpdateSubscriberRequest: AWSEncodableShape {
        /// The supported Amazon Web Services services from which logs and events are collected. For the list of supported Amazon Web Services services, see the Amazon Security Lake User Guide.
        public let sources: [LogSourceResource]?
        /// The description of the Security Lake account subscriber.
        public let subscriberDescription: String?
        /// A value created by Security Lake that uniquely identifies your subscription.
        public let subscriberId: String
        /// The Amazon Web Services identity used to access your data.
        public let subscriberIdentity: AwsIdentity?
        /// The name of the Security Lake account subscriber.
        public let subscriberName: String?

        @inlinable
        public init(sources: [LogSourceResource]? = nil, subscriberDescription: String? = nil, subscriberId: String, subscriberIdentity: AwsIdentity? = nil, subscriberName: String? = nil) {
            self.sources = sources
            self.subscriberDescription = subscriberDescription
            self.subscriberId = subscriberId
            self.subscriberIdentity = subscriberIdentity
            self.subscriberName = subscriberName
        }

        public func encode(to encoder: Encoder) throws {
            let request = encoder.userInfo[.awsRequest]! as! RequestEncodingContainer
            var container = encoder.container(keyedBy: CodingKeys.self)
            try container.encodeIfPresent(self.sources, forKey: .sources)
            try container.encodeIfPresent(self.subscriberDescription, forKey: .subscriberDescription)
            request.encodePath(self.subscriberId, key: "subscriberId")
            try container.encodeIfPresent(self.subscriberIdentity, forKey: .subscriberIdentity)
            try container.encodeIfPresent(self.subscriberName, forKey: .subscriberName)
        }

        public func validate(name: String) throws {
            try self.sources?.forEach {
                try $0.validate(name: "\(name).sources[]")
            }
            try self.validate(self.subscriberDescription, name: "subscriberDescription", parent: name, pattern: "^[\\\\\\w\\s\\-_:/,.@=+]*$")
            try self.validate(self.subscriberId, name: "subscriberId", parent: name, pattern: "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$")
            try self.subscriberIdentity?.validate(name: "\(name).subscriberIdentity")
            try self.validate(self.subscriberName, name: "subscriberName", parent: name, pattern: "^[\\\\\\w\\-_:/.@=+]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case sources = "sources"
            case subscriberDescription = "subscriberDescription"
            case subscriberIdentity = "subscriberIdentity"
            case subscriberName = "subscriberName"
        }
    }

    public struct UpdateSubscriberResponse: AWSDecodableShape {
        /// The updated subscriber information.
        public let subscriber: SubscriberResource?

        @inlinable
        public init(subscriber: SubscriberResource? = nil) {
            self.subscriber = subscriber
        }

        private enum CodingKeys: String, CodingKey {
            case subscriber = "subscriber"
        }
    }
}

// MARK: - Errors

/// Error enum for SecurityLake
public struct SecurityLakeErrorType: AWSErrorType {
    enum Code: String {
        case accessDeniedException = "AccessDeniedException"
        case badRequestException = "BadRequestException"
        case conflictException = "ConflictException"
        case internalServerException = "InternalServerException"
        case resourceNotFoundException = "ResourceNotFoundException"
        case throttlingException = "ThrottlingException"
    }

    private let error: Code
    public let context: AWSErrorContext?

    /// initialize SecurityLake
    public init?(errorCode: String, context: AWSErrorContext) {
        guard let error = Code(rawValue: errorCode) else { return nil }
        self.error = error
        self.context = context
    }

    internal init(_ error: Code) {
        self.error = error
        self.context = nil
    }

    /// return error code string
    public var errorCode: String { self.error.rawValue }

    /// You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization request. An explicit denial occurs when a policy contains a Deny statement for the specific Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also no applicable Allow statement.
    public static var accessDeniedException: Self { .init(.accessDeniedException) }
    /// The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
    public static var badRequestException: Self { .init(.badRequestException) }
    /// Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.
    public static var conflictException: Self { .init(.conflictException) }
    /// Internal service exceptions are sometimes caused by transient issues. Before you start troubleshooting, perform the operation again.
    public static var internalServerException: Self { .init(.internalServerException) }
    /// The resource could not be found.
    public static var resourceNotFoundException: Self { .init(.resourceNotFoundException) }
    /// The limit on the number of requests per second was exceeded.
    public static var throttlingException: Self { .init(.throttlingException) }
}

extension SecurityLakeErrorType: AWSServiceErrorType {
    public static let errorCodeMap: [String: AWSErrorShape.Type] = [
        "AccessDeniedException": SecurityLake.AccessDeniedException.self,
        "ConflictException": SecurityLake.ConflictException.self,
        "ResourceNotFoundException": SecurityLake.ResourceNotFoundException.self,
        "ThrottlingException": SecurityLake.ThrottlingException.self
    ]
}

extension SecurityLakeErrorType: Equatable {
    public static func == (lhs: SecurityLakeErrorType, rhs: SecurityLakeErrorType) -> Bool {
        lhs.error == rhs.error
    }
}

extension SecurityLakeErrorType: CustomStringConvertible {
    public var description: String {
        return "\(self.error.rawValue): \(self.message ?? "")"
    }
}
